Candlelites

Everything from Everywhere

hackers are attacking word users with new microsoft office zero-day vulnerability

hackers are attacking word users with new microsoft office zero-day vulnerability News Article With The full text news. The Resource Link is down the post and you can View this News Article in the source page.



hackers are attacking word users with new microsoft office zero-day vulnerability

(image: file photo)attackers are exploiting a previously undisclosed vulnerability in microsoft word, which security researchers say can be used to quietly install different kinds of malware -- even on fully-patched computers.unlike most document-related vulnerabilities, this zero-day bug that has yet to be patched doesn't rely on macros -- in which office typically warns users of risks when opening macro-enabled files.security skype users hit by ransomware through in-app malicious ads these "fake flash" ads, if triggered, can lead to a ransomware attack.instead, the vulnerability triggered when a victim opens a trick word document, which downloads a malicious html application from a server, disguised to look like a rich text document file as a decoy. the html application meanwhile downloads and runs a malicious script that can be used to stealthily install malware.researchers at mcafee, who first reported the discovery on friday, said because the html application is executable, the attacker can run code on the affected computer while evading memory-based mitigations designed to prevent these kinds of attacks.both mcafee and fireeye -- the latter of which posted a similar report saturday but said it had held off on a public disclosure while it was coordinating a response with microsoft -- both agreed on the cause of the vulnerability. the issue relates to the windows object linking and embedding (ole) function, which allows an application to link and embed content ...